Frameworks for Data Sharing: Exploring iSHARE and IDS
Establishing trust is crucial to enable data sharing between organisations.Traditionally, building trust requires extensive negotiations and a clear definition of the ground rules for sharing information.
Broadly speaking, this boils down to two categories:
- Legal/operational scope:
- Who is the other party?
- Is the party allowed to access the information?
- What are they allowed to do with the information?
- What information is exchanged?
- How is the information exchanged? (format and protocols)
The iSHARE approach
To promote trust, iSHARE focussed on the mechanisms of identification and authentication of both organisations and human users. In essence, the first category above. All participants have agreed to the same legal rulebook.
The usage rights of Data Consumers, or what they can do with the data they receive, is clearly defined. While Data Providers can clearly indicate its intended use and trust that the receiving party is legally bound to adhere to those conditions.
If the need arises, the Data Provider knows exactly who they have shared their information with, because all iSHARE participants can be identified.
For sensitive information that is not under the control of its legal owner, iSHARE uses an Authorization Registry. The registry allows participants to assign access rights (authorizations) to information to other iSHARE members and register these rights with an impartial third party (also an iSHARE participant) that can independently verify these access rights.
The IDS approach
The International Data Spaces Association (IDSA) took a different approach to solving this very same puzzle. They focussed on the data exchange mechanism itself. Specifically, they certified and harmonised the adapters used for data exchange according to a standardised architecture. If a party has implemented an adapter, it can be reused for all information exchanges within IDS.
All adapters are certified by impartial intermediaries that will make sure the adapter complies with the standard. If required, another intermediary may be involved for logging the exchanges made between the participants and handling any payments required for the use of the data.
Therefore, by combining these two frameworks, participants will be able to exchange data with full confidence, while having to maintain only very few technical interfaces and legal documents.For the immediate future, both schemes will continue to work together in establishing an even closer interoperability to maximize their combined advantages.
Click here for more details.